Goal

The basic concept is to combine the above apps/utilities to create an easy-to-set-up, low-upkeep monitoring system that also tracks inventory thanks to OpenAudit. Redundant entries in configs will be kept to a minimum (hopefully). New devices should be auto-added to monitoring systems, along with associated services (for example, a Windows server running MS Exchange might have basic services such as CPU load, HD free space, running services and Exchange queues monitored, whereas a router running on Alpine Linux might need the routing table, throughput, and opennhrp monitored). Also, software licensing should be monitored so that Windows boxes do not exceed purchased licenses.

Once finished, the scripts that tie OpenAudit and the monitoring components together will be called AMAAPS (Automatic Monitoring And Auditing Populating System). A work-in-progress version is available at http://github.com/jbilyk/AMAAPS.

To accomplish the above, this guide will set up (list subject to change):

You have a knowledge of your network setup (at least know which subnets exist)

Your network allows ICMP ping packets to every device that you want discovered and automatically added to the system

Your firewalls (whether on your networking devices or end-user devices) allow traffic back to the server that is being set up and, for Windows hosts, allow RPC calls in. Especially when running the audits on Win7 Pro machines, double-check the local firewall settings for traffic to/from the OpenAudit computer (this allows audits to happen properly when triggered via the OpenAudit computer).

If you are auditing a Windows domain, you have access to an account that has local administrator privileges on every computer (on Win XP a user with Power User privileges may be enough).

Download OpenAudit from http://downloads.sourceforge.net/open-audit/openauditrelease-09.12.23-SVN1233.zip and extract it to /usr/share/webapps/openaudit.
On a Windows server, create scheduled tasks to run ping-sweep-main.bat, lookup-main.bat and insert-hosts-main.bat on a regular basis. Since the insert-hosts-main.bat file runs RPC calls against other Windows servers, at the moment this section needs to run on a Windows server...

To be continued...

TODO: Create a Perl script that will run the following MySQL queries:
nagiosql Queries:

OpenAudit queries:
Exchange:
select distinct system.system_name,system.net_ip_address from system,software where software_name like '%icrosoft%xchange' and software.software_uuid = system.system_uuid;
SQL:
select distinct system.system_name,system.net_ip_address from system,software where software.software_name like '%icrosoft%SQL%erver%200%' and system.system_os_name like '%erver%' and software.software_uuid = system.system_uuid;
Lotus Domino:
select distinct system.system_name,system.net_ip_address from system,software where software_name like '%otus%omino%' and software.software_uuid = system.system_uuid;
Windows:
select distinct system.system_name,system.net_ip_address from system where system.system_os_name like '%microsoft%server%';

1) Insert the found hosts into tbl_host
insert into db_nagiosql_v3.tbl_host (host_name,address)
select distinct openaudit.system.system_name,openaudit.system.net_ip_address
from openaudit.system,openaudit.software
where openaudit.software.software_name like '%icrosoft%xchange'
and openaudit.software.software_uuid = openaudit.system.system_uuid;

2) Lookup what the id for the host was in tbl_host
select id
from db_nagiosql_v3.tbl_host
where db_nagiosql_v3.tbl_host.host_name = 'CAWEXCH3';

3) Lookup what the id is for specific host_group in tbl_hostgroup
select id from tbl_hostgroup where hostgroup_name = 'exchangeservers';
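
An added example (not part of the original page or of AMAAPS) that runs steps 1 to 3 as one routine that can be re-run without duplicating hosts, with bound parameters and a check on the audited name and address before they reach tbl_host. Assumptions: SQLite attached databases stand in for the MySQL schemas, the tables carry only the columns used in the queries above, and `open_demo_db`, `sync_hosts`, the `HOSTNAME` pattern and the sample rows are constructed for illustration.

```python
import ipaddress
import re
import sqlite3

HOSTNAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]{0,62}\Z")  # assumption: single-label names

def open_demo_db():
    db = sqlite3.connect(":memory:")  # constructed data; SQLite stands in for MySQL
    db.execute("ATTACH DATABASE ':memory:' AS openaudit")
    db.execute("ATTACH DATABASE ':memory:' AS db_nagiosql_v3")
    db.executescript("""
        CREATE TABLE openaudit.system (system_uuid, system_name, net_ip_address);
        CREATE TABLE openaudit.software (software_uuid, software_name);
        CREATE TABLE db_nagiosql_v3.tbl_host (id INTEGER PRIMARY KEY, host_name, address);
        CREATE TABLE db_nagiosql_v3.tbl_hostgroup (id INTEGER PRIMARY KEY, hostgroup_name);
        INSERT INTO openaudit.system VALUES ('u1', 'CAWEXCH3', '192.0.2.10'),
            ('u2', 'bad name;x', '192.0.2.11'), ('u3', 'FILESRV1', '192.0.2.12');
        INSERT INTO openaudit.software VALUES ('u1', 'Microsoft Exchange'),
            ('u2', 'Microsoft Exchange'), ('u3', 'Some Other App');
        INSERT INTO db_nagiosql_v3.tbl_hostgroup (hostgroup_name) VALUES ('exchangeservers');
    """)
    return db

def sync_hosts(db, software_pattern, hostgroup):
    """Steps 1-3 for one software pattern; re-running adds no duplicates."""
    group = db.execute("SELECT id FROM db_nagiosql_v3.tbl_hostgroup "
                       "WHERE hostgroup_name = ?", (hostgroup,)).fetchone()
    if group is None:
        raise LookupError("unknown hostgroup: " + hostgroup)
    rows = db.execute("SELECT DISTINCT s.system_name, s.net_ip_address "
                      "FROM openaudit.system s, openaudit.software w "
                      "WHERE w.software_name LIKE ? AND w.software_uuid = s.system_uuid",
                      (software_pattern,)).fetchall()
    host_ids, rejected = {}, []
    for name, address in rows:
        try:  # audited values are untrusted input to the monitoring database
            ipaddress.ip_address(address)
            if not HOSTNAME.match(name or ""):
                raise ValueError(name)
        except ValueError:
            rejected.append(name)
            continue
        found = db.execute("SELECT id FROM db_nagiosql_v3.tbl_host "
                           "WHERE host_name = ?", (name,)).fetchone()
        if found is None:  # step 1: insert only hosts not already present
            found = (db.execute("INSERT INTO db_nagiosql_v3.tbl_host (host_name, address) "
                                "VALUES (?, ?)", (name, address)).lastrowid,)
        host_ids[name] = found[0]  # step 2: the host's id in tbl_host
    db.commit()
    return host_ids, group[0], rejected  # step 3: the hostgroup id
```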

When auto-adding using the scripts below, Windows versions 2000 (Pro and Server), XP Pro, and 2003 (inc. R2) (Std/Ent) (x86/x64) were detected. Windows 7 Pro was only detected when the local firewall was set to allow RPC traffic through.

Random scripts

Since part of the implementation runs on Windows (due to running a VBScript from OpenAudit to collect Windows server/workstation info via RPC), a set of scripts that run on Windows is listed below.

ping-sweep*.bat: does an nmap ping sweep of each subnet in subnet.txt and writes all hosts that are up to a file
lookup*.bat: does an A record DNS lookup for each host that is pingable and writes the results to a file
insert-hosts*: for each resolvable host, downloads the VBScript to insert the host information into OpenAudit (uses WMI to get hardware, OS and software info)